Diffstat (limited to 'src/openvpn/ssl_mbedtls.c')
-rw-r--r-- | src/openvpn/ssl_mbedtls.c | 32 |
1 files changed, 22 insertions, 10 deletions
diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c
index 3f579e1..89b1b67 100644
--- a/src/openvpn/ssl_mbedtls.c
+++ b/src/openvpn/ssl_mbedtls.c
@@ -232,6 +232,19 @@ tls_translate_cipher_name(const char *cipher_name)
 }
 
 void
+tls_ctx_restrict_ciphers_tls13(struct tls_root_ctx *ctx, const char *ciphers)
+{
+    if (ciphers == NULL)
+    {
+        /* Nothing to do, return without warning message */
+        return;
+    }
+
+    msg(M_WARN, "mbed TLS does not support setting tls-ciphersuites. "
+        "Ignoring TLS 1.3 cipher list: %s", ciphers);
+}
+
+void
 tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers)
 {
     char *tmp_ciphers, *tmp_ciphers_orig, *token;
@@ -853,7 +866,7 @@ tls_ctx_personalise_random(struct tls_root_ctx *ctx)
     const md_kt_t *sha256_kt = md_kt_get("SHA256");
     mbedtls_x509_crt *cert = ctx->crt_chain;
 
-    if (0 != md_full(sha256_kt, cert->tbs.p, cert->tbs.len, sha256_hash))
+    if (!md_full(sha256_kt, cert->tbs.p, cert->tbs.len, sha256_hash))
     {
         msg(M_WARN, "WARNING: failed to personalise random");
     }
@@ -1327,9 +1340,15 @@ print_details(struct key_state_ssl *ks_ssl, const char *prefix)
 }
 
 void
-show_available_tls_ciphers(const char *cipher_list,
-                           const char *tls_cert_profile)
+show_available_tls_ciphers_list(const char *cipher_list,
+                                const char *tls_cert_profile,
+                                bool tls13)
 {
+    if (tls13)
+    {
+        /* mbed TLS has no TLS 1.3 support currently */
+        return;
+    }
     struct tls_root_ctx tls_ctx;
     const int *ciphers = mbedtls_ssl_list_ciphersuites();
 
@@ -1342,18 +1361,11 @@ show_available_tls_ciphers(const char *cipher_list,
         ciphers = tls_ctx.allowed_ciphers;
     }
 
-#ifndef ENABLE_SMALL
-    printf("Available TLS Ciphers,\n");
-    printf("listed in order of preference:\n\n");
-#endif
-
     while (*ciphers != 0)
     {
         printf("%s\n", mbedtls_ssl_get_ciphersuite_name(*ciphers));
         ciphers++;
     }
-    printf("\n" SHOW_TLS_CIPHER_LIST_WARNING);
-
     tls_ctx_free(&tls_ctx);
 }
 
|
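Review bot: tls_ctx_restrict_ciphers_tls13 accepts a --tls-ciphersuites list and never applies it, so a restriction the operator configured is silently not enforced and the only trace is one M_WARN line that is easy to miss in a busy log; nothing near the function records why that is acceptable. The reasoning is that the mbed TLS backend in this file has no TLS 1.3 support at all (the comment added to show_available_tls_ciphers_list later in this commit says so), so the ignored list cannot loosen any negotiated ciphersuite, and that should be written down where the list is dropped. I would add above the definition: `/* mbed TLS has no TLS 1.3, so a --tls-ciphersuites list can only be logged and ignored; this does not loosen the TLS 1.2 restriction applied by tls_ctx_restrict_ciphers(). The ctx argument is intentionally unused. */` If the unused `ctx` parameter is kept for signature parity with another backend, say so in that comment rather than leaving readers to infer it.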
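Review bot: The inverted test `if (!md_full(sha256_kt, cert->tbs.p, cert->tbs.len, sha256_hash))` is only correct if md_full() now returns non-zero on success, and that change of return convention is not part of this diff, so it has to be confirmed in the mbed TLS crypto backend before this is merged. If md_full() here still follows the mbed TLS 0-on-success convention, the check fails open: a good hash would log "failed to personalise random" while a real failure would be silent and personalisation would presumably continue with an unfilled sha256_hash buffer (declared above the hunk). Once confirmed, pin the contract at the call with `/* md_full() returns true on success, unlike the raw mbed TLS md API it is built on */` so the next convention change cannot silently invert it again. tls_ctx_personalise_random's body continues outside the hunk, so the use of sha256_hash after the warning is not visible here.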
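Review bot: The `if (tls13)` early return makes show_available_tls_ciphers_list print nothing at all for TLS 1.3, and whether the caller prints a heading or a "not supported" note for the user is not visible in this hunk, so the comment should state that contract instead of only the reason. Because the return sits before `struct tls_root_ctx tls_ctx;` is declared, no tls_ctx_free() is needed on that path, which is worth saying explicitly since the function's normal exit (next hunk) does free the context. I would extend the comment to `/* mbed TLS has no TLS 1.3 support currently: print nothing for the TLS 1.3 list and return before tls_ctx exists, so no cleanup is needed here */`. The function's body continues outside the hunk.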